Recent advances in wireless telecommunications have enabled the mobile Internet to grow by leaps and bounds. The mobile Internet provides users access to Internet services and other service based applications using mobile devices such as mobile telephones, portable computers, pagers, personal digital assistants, etc., and makes new services such as location based and context aware applications available to users of the mobile Internet. Presently, wireless application protocol (WAP), iMode, and standard HTML over modified TCP/IP (used in most Personal Digital Assistants) are the most frequently used protocols on the mobile Internet.
Along with the greater uses provided by mobile web services have also arisen greater privacy risks due to the ability of third parties to track the position, capability, preferences information, and other data pertaining to users of the mobile Internet. This raises the issue of appropriate data protection and privacy safeguards for Mobile Internet users who desire to be protected from being under permanent surveillance due to their use of wireless technology without resorting to protecting their privacy by not using mobile Internet services at all.
Existing recommendations with respect to the Platform for Privacy Preferences Project (P3P) specifies a protocol that provides an automated way for users to gain control over the use of personal data on web sites they visit. The proposal enables web sites to express their privacy practices in a machine readable XML format that can be automatically retrieved and compared with a user's privacy preferences. Using this information, a user can make informed decisions on whether or not to submit a certain piece of personal information to a web site.
In order to protect a user's right for informational self-determination, users should have control over their CPI (Capabilities and Preferences Information), represented by means of a profile, and determine how far and to what extent to communicate profile information to other web sites. The proposed protocol can enhance the user's privacy by transmitting the CPI only if there is an informed consent by the user about the origin server's site data collection and use practices.
However, the existing exchange protocol CC/PP (Composite Capability/Preferences Profile) uses a modified WSP or HTTP GET request already containing the profile information or profile difference. The proposed P3P standard requires a first check as to whether there is sufficient match between the user's privacy preferences and the remote server's privacy policy before any personal data is transmitted. Thus, some manner for overcoming this conflict is necessary.